Friday, May 28, 2010
Get Those iPhones Out Of Your Corporation!
Posted by Jon Westfall in "Windows Phone Competition" @ 06:30 AM
"Bernd and fellow security guru Jim Herbeck have discovered that plugging even a fully up-to-date, non-jailbroken iPhone 3GS into a computer running Ubuntu Lucid Lynx allows nearly full read access to the phone's storage -- even when it's locked. The belief is that they're just a buffer overflow away from full write access as well, which would surely open the door to making calls. Bernd believes the iPhone's lack of data encryption for content is a real problem, and also cites the inability to digitally sign e-mails as reasons why the iPhone is still not ready for prime time in the enterprise."
If you work in a highly regulated industry and think allowing your executives to use an iPhone instead of a Windows Mobile or RIM device is a fine idea, you may want to look at this article and others like it that point out that while an excellent device, the iPhone lacks basic security. Heck, iPhones blatantly lied to exchange servers for years about encryption capabilities, much to the chagrin of Exchange System Administrators. Apple succeeds at a lot of things, but iPhone security is not one of them!